16
Risk Management Plan
• A strategic risk management plan is imperative
– Identify organizational risk appetite
– Identify key technology assets
– Identify and evaluate IT security controls
– Identify residual risks
– Document acceptance of residual risks
• Demand incremental and evolutionary improvements to cyber
maturity
• Establish a culture of security